The present invention concerns a method of processing data, used for example in a microcircuit card.
In certain contexts, one seeks to render secure the operation of data processing apparatus. This is in particular the case in the field of monetics, in which an electronic entity (for example microcircuit card) carries information representing a pecuniary value and which can therefore be modified only in accordance with a particular protocol. It may equally be a question of an electronic entity for identifying its carrier, in which case operation must be rendered secure to prevent any falsification or abusive use.
One such electronic entity is for example a bank card, a telephone SIM card (the acronym SIM stemming from the English Subscriber Identity Module), an electronic passport, a secure module of the HSM type (from the English Hardware Security Module) such as a PCMCIA card of the IBM4758 type, without these examples being limiting.
In order to make operation more secure, one seeks to be protected against the various types of attack that may be envisaged. One large category of attacks to be combated consists of attacks known as fault generation attacks, during which malicious persons seek to cause the data processing apparatus to depart from its normal, and thus secure, operation.
To parry this kind of attack, the data processing methods commonly used provide steps for verification of the normal running of the method, with the aim of detecting anomalies one possible origin whereof is a fault generation attack. If an anomaly is detected (i.e. if normal running is not verified), the anomaly is processed immediately, and this is generally called security processing. This type of processing consists in fact in a countermeasure intended to combat the attack, for example by prohibiting all subsequent operation of the data processing apparatus.
As indicated, the processing of the anomaly is usually thought of as following on immediately from detection, since the fact of continuing the processing in the presence of an anomaly clearly entails the risk of further degrading the operation of the data processing apparatus and therefore its security.
However, the inventor has noted that this ordinary thinking gives the attacker information as to the moment at which the anomaly is detected. In fact, the time of detection of the anomaly is in itself difficult to access from outside. It is nevertheless thought that the attacker, by observing and analyzing the electrical consumption (or the electromagnetic radiation) of the apparatus, can obtain access to the time of implementation of the processing of the anomaly, for example in the case where this processing consists in an action on an external device. Since according to the ordinary thinking this processing follows on immediately from the detection of the anomaly, the attacker could deduce relatively easily from this the time of detection of the anomaly.
Accordingly, because of the proximity of the detection of the anomaly and of the processing thereof in the usual systems, the attacker has access to additional information on the operation of the data processing apparatus, which of course compromises making the method secure.